.NET Programmer Thoughts

Wednesday, January 26, 2005

Retrieve Users From an Active Directory Security Group

Last week I was asked to add some security to the application I had written. It is basically a front-end to several Access databases. It displays all the available Access applications and the user can double-click on one to open it. The owner of the application said users should not be able to see the whole list. Only certain users need to see certain applications.

This meant that I was going to have to maintain a user list. I really didn't want to do this. So I googled around and found that I could read the members of the security group that is already assigned to my front-end application, and let Active Directory be the user list.

The call:
Dim myADGroup As AD_Group
Dim myUserList As DataTable
myADGroup = New AD_Group("TrishDomain", "TrishDC", "AppsSecGroup")
myUserList = myADGroup.ReturnUsers()
Unfortunately all this work was done in VB.NET. I'm still too new at all this to do the conversion to C# for you. I also had to do some reformatting to get it into this blog, so if it doesn't work just let me know and I will email you the source file.

ReturnUsers() returns a DataTable of all the users in the Active Directory security group. The DataTable has two string columns: UserID (the logon name) and UserName (the user's full name). DomainName is the name of the domain, ServerName is the name of a domain controller, and GroupName is the name of the security group. The class binds to the directory as whoever is running the front-end, so no password for any account is ever passed around or stored. One caveat: filtering the list this way only hides entries in the front-end, it does not stop anyone who knows the path from opening the .mdb file directly, so the Access files themselves still need NTFS permissions granted to the same group.

Imports System
Imports System.Collections
Imports System.Data
Imports System.DirectoryServices

Public Class AD_Group
    Private DomainNameValue As String
    Private ServerNameValue As String
    Private GroupNameValue As String

    Public Sub New(ByVal DomainName As String, ByVal ServerName As String, ByVal GroupName As String)
        DomainNameValue = DomainName
        ServerNameValue = ServerName
        GroupNameValue = GroupName
    End Sub

    ' Returns a DataTable (UserID, UserName) with one row per user account that is a
    ' direct member of the group. Binds with the credentials of the calling process.
    Public Function ReturnUsers() As DataTable

        ' WinNT provider path to the group, e.g. WinNT://TrishDomain/TrishDC/AppsSecGroup,group
        Dim strDirEntryPath As String = "WinNT://" & DomainNameValue & "/" & ServerNameValue & "/" & GroupNameValue & ",group"
        Dim group As New DirectoryEntry(strDirEntryPath)

        ' "Members" is the IADsGroup method reached through Invoke; it returns the member collection
        Dim users As Object = group.Invoke("Members")

        Dim ActiveDirTable As New DataTable("UserList")
        ActiveDirTable.Columns.Add(New DataColumn("UserID", GetType(String)))
        ActiveDirTable.Columns.Add(New DataColumn("UserName", GetType(String)))

        Dim user1 As Object
        For Each user1 In CType(users, IEnumerable)
            Dim userEntry As New DirectoryEntry(user1)

            ' A group can also contain nested groups and computer accounts; only keep user accounts
            If userEntry.SchemaClassName = "User" Then
                Dim myNewRow As DataRow = ActiveDirTable.NewRow()
                myNewRow("UserID") = userEntry.Name
                myNewRow("UserName") = GetUserInfo(userEntry.Name)
                ActiveDirTable.Rows.Add(myNewRow)
            End If
            userEntry.Dispose()
        Next

        group.Dispose()
        Return ActiveDirTable
    End Function

    ' Looks up the user's given name and surname over LDAP. No password is needed: the search
    ' runs under the caller's own credentials. (DirectoryEntry.Password is write-only, so it
    ' could not be read back from the group member entry anyway.)
    Public Function GetUserInfo(ByVal username As String) As String
        Dim strRealName As String = ""
        If username Is Nothing OrElse username.Length = 0 Then
            strRealName = "Invalid Signature"
        Else
            Dim path As String = "LDAP://" & DomainNameValue
            Dim entry As New DirectoryEntry(path)
            Dim Searcher As New DirectorySearcher(entry)
            ' Match on the logon name only. An (anr=...) filter also matches partial display
            ' names and can return a different person than the one whose ID we hold.
            Searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" & username & "))"
            Searcher.PropertiesToLoad.Add("givenName")
            Searcher.PropertiesToLoad.Add("sn")
            Dim result As SearchResult = Searcher.FindOne()
            If Not result Is Nothing Then
                ' Either attribute can be missing on a service or test account, so check before indexing
                Dim first As String = ""
                Dim last As String = ""
                If result.Properties.Contains("givenName") Then first = result.Properties("givenName")(0).ToString()
                If result.Properties.Contains("sn") Then last = result.Properties("sn")(0).ToString()
                strRealName = (first & " " & last).Trim()
            End If
            Searcher.Dispose()
            entry.Dispose()
        End If
        Return strRealName
    End Function

End Class
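As an added example (not code from the original post), here is the same lookup in C#, the conversion the post leaves to the reader, going through the LDAP provider instead of WinNT. The LDAP root ("LDAP://TrishDC/DC=trishdomain,DC=local") and the group names are assumed placeholders. It also shows the check the front-end really needs for each application: whether the user running it is in the group, which the Windows token answers directly, nested groups included, without any directory query.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

// Added example, not from the original post. The LDAP root passed to the
// constructor (e.g. "LDAP://TrishDC/DC=trishdomain,DC=local") is assumed.
public sealed class AdGroupMembers
{
    private readonly string _ldapRoot;

    public AdGroupMembers(string ldapRoot)
    {
        _ldapRoot = ldapRoot;
    }

    // Hex-escape the characters that change the meaning of an LDAP filter (RFC 4515),
    // so a caller-supplied group name cannot widen the search.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // The check the front-end actually needs: is the user running it in the group?
    // The logon token already carries nested group membership, so no LDAP query is needed.
    public static bool CurrentUserIsIn(string domainQualifiedGroup)   // e.g. @"TrishDomain\AppsSecGroup" (assumed)
    {
        var principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        return principal.IsInRole(domainQualifiedGroup);
    }

    // (logon name, full name) pairs for the enabled user accounts that are direct members
    // of the group. Binds as the calling process; nobody's password is needed or stored.
    public IList<KeyValuePair<string, string>> GetUsers(string groupName)
    {
        var users = new List<KeyValuePair<string, string>>();
        using (var root = new DirectoryEntry(_ldapRoot))
        {
            string groupDn;
            using (var groupSearch = new DirectorySearcher(root))
            {
                groupSearch.Filter = "(&(objectCategory=group)(sAMAccountName=" + EscapeFilterValue(groupName) + "))";
                groupSearch.PropertiesToLoad.Add("distinguishedName");
                SearchResult group = groupSearch.FindOne();
                if (group == null)
                    throw new InvalidOperationException("Group not found: " + groupName);
                groupDn = (string)group.Properties["distinguishedName"][0];
            }

            using (var memberSearch = new DirectorySearcher(root))
            {
                // Users only (no nested groups, no computers) and skip disabled accounts
                // (bit 2 of userAccountControl). On Windows Server 2003 SP2 and later,
                // "memberOf:1.2.840.113556.1.4.1941:=" in place of "memberOf=" also walks nested groups.
                memberSearch.Filter =
                    "(&(objectCategory=person)(objectClass=user)" +
                    "(memberOf=" + EscapeFilterValue(groupDn) + ")" +
                    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
                memberSearch.PropertiesToLoad.Add("sAMAccountName");
                memberSearch.PropertiesToLoad.Add("givenName");
                memberSearch.PropertiesToLoad.Add("sn");
                memberSearch.PageSize = 500;   // paged results: a DC caps unpaged searches at 1000 entries
                using (SearchResultCollection results = memberSearch.FindAll())
                {
                    foreach (SearchResult r in results)
                    {
                        string id = FirstOrEmpty(r, "sAMAccountName");
                        string name = (FirstOrEmpty(r, "givenName") + " " + FirstOrEmpty(r, "sn")).Trim();
                        users.Add(new KeyValuePair<string, string>(id, name));
                    }
                }
            }
        }
        return users;
    }

    // Either name attribute can be absent (service or test accounts), so never index blindly.
    private static string FirstOrEmpty(SearchResult r, string attribute)
    {
        return r.Properties.Contains(attribute) && r.Properties[attribute].Count > 0
            ? r.Properties[attribute][0].ToString()
            : "";
    }
}
```

CurrentUserIsIn is the call to make when building the list the user sees; GetUsers is for an administrative view of who will get an entry. Both run as the logged-on user, so neither needs a stored credential, and the front-end still relies on NTFS permissions on the .mdb files for the actual access control.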